SECURING
SMART CAR ECOSYSTEM
WITH FDO
Simon Trac Do – Founder & CEO
VinCSS JSC., Vietnam
FIDO Munich Workshop 2024
1
WHO WE ARE?
IoT Security
Automotive CyberSecurity
IT Security Services
VinCSS FIDO2 Ecosystem
FIDO2 Ecosystem
Founded 2008
100+
High-profile, globally recognized
experts
2
SMART CAR ECOSYSTEM
A modern vehicle can contain up to 150 ECUs and
more than 100 million lines of software code,
which is projected to rise to 300 million lines of
code by 2030.
A modern vehicle contains more software than
Facebook without the backend code (62 million lines
of code). A vehicle also has more than double the
code of Microsoft Office 2013, over 6 times the code
of the Android OS, and over 15 times the code of a Boeing
787.
As more software is integrated into vehicles, the
risk of bugs and vulnerabilities increases, which
malicious attackers could exploit, potentially
leading to severe consequences for safety, privacy,
and vehicle operation.
3
339% growth in automotive cyber
incidents since 2018
145% growth in critical vulnerabilities
of OEM, Tier 1 & 2 Suppliers between
2019-2022
97% of attacks in 2022 were remote
Automotive hacks pose
a great and immediate
threat to the OEM,
suppliers, and
ultimately – the driver.
RISING AUTOMOTIVE RISKS
4
5
Automotive cybersecurity incidents have risen by
605% since 2016
As vehicles become increasingly connected and reliant on software, new vulnerabilities emerge, ranging from
unauthorized access to vehicle controls to personal data breaches.
• Help Net Security (2020) 'Automotive cybersecurity incidents doubled in 2019, up 605% since 2016', Help Net Security, 6 January. Available at:
https://www.helpnetsecurity.com/2020/01/06/automotive-cybersecurity-incidents/
• OODA Loop (2020) 'Automotive cybersecurity incidents doubled in 2019, up 605% since 2016', OODA Loop, 6 January. Available at:
https://www.oodaloop.com/briefs/2020/01/06/automotive-cybersecurity-incidents-doubled-in-2019-up-605-since-2016/
• IBM (2023) New IBM Security X-Force Threat Intelligence Index is here: Gain insights into the cyberthreat landscape. Available at:
https://community.ibm.com/community/user/security/blogs/john-zorabedian1/2023/02/16/new-ibm-security-x-force-threat-intelligence-index
Over 470 million connected vehicles
are expected by 2025, significantly raising
cybersecurity
risks in the automotive industry
The transportation industry was the ninth most
targeted sector in 2022, accounting for 3.9%
of attacks among the top ten industries
By 2024, the automotive industry could face losses
of up to US$505 billion due to
cyberattacks
Since 2021, VinCSS has evolved to
become a frontrunner in automotive
cybersecurity, providing dedicated
services for this rapidly growing
industry
Our services are tailored to the
automotive development lifecycle,
ensuring comprehensive coverage
from design to implementation, and
ongoing monitoring
Our commitment to excellence is
evidenced by our achievement of the
UN R155 and R156 certifications
across multiple vehicle models and
markets
AUTOMOTIVE CYBERSECURITY SERVICES
V-Model development process used
in the automotive industry
6
VINCSS IS AT THE FOREFRONT OF
DEPLOYING FDO GLOBALLY
FDO FOR CAMERAS
(12/2022)
FDO+MESH FOR
CAR PARK SENSORS (9/2023)
7
FDO FOR NETWORKING DEVICES
(5/2024)
FDO IN
AUTOMOTIVE
• After three years of parallel R&D in the FDO sector
and providing services in the automotive
cybersecurity sector, we have realized that FDO
technology (including FIDO2) can be applied to
smart vehicle ecosystems and help massively
address the challenges and risks.
• Below is our perspective on a few use cases where
FDO can be applied in the automotive cybersecurity
field
8
9
USE CASE 01:
FDO FOR KEY MANAGEMENT IN OEM
● ECUs are the heart of a smart car, and the security
key is the method for controlling access/interference
with the ECU. However, the way OEMs currently
manage the keys throughout the vehicle's lifecycle is
inadequate, leading to many vulnerabilities and
significant risks.
● OEMs often use manual methods to manage keys
during the R&D phase, but as soon as they move into
production and aftersales, a Key Management
System (KMS) is needed due to the exponential
increase in the number of keys, which surpasses the
capabilities of manual methods.
● However, even when using a KMS, the current key
management at OEMs still does not meet practical
needs.
THE PROBLEM
10
USE CASE 01:
THE KMS
[Diagram: key flow between OEM KMS Central, OEM KMS Factory, Tier 1 Factory A (ECU 1 with key K1, ECU 2 with key K2) and the vehicle VIN xyz with vehicle key K VIN xyz. The vehicle key appears wrapped as [K VIN xyz]K1 and [K VIN xyz]K2. The figure numbers its steps 1 to 8; the captions below are in extraction order and their step numbers are not recoverable.]
• ECUs sent to OEM factory for installation in vehicles
• ECU keys and IDs sent to Tier 1 and loaded in ECUs
• ECU keys and IDs generated by OEM KMS Central
• ECU keys and IDs sent to OEM KMS Factory
• Vehicle’s key generated by OEM KMS Factory
• Vehicle’s key + VIN + ECU ID sent to OEM KMS Central
• VIN and ECU IDs sent to OEM KMS Factory
• Vehicle’s key sent: encrypted w/ ECU 1’s key, encrypted w/ ECU 2’s key
11
USE CASE 01:
REMAINING ISSUES
● Keys are provisioned to the ECU in an insecure manner, facing many risks of being exposed:
OEMs transfer keys by directly sending them to contractors without any encryption mechanism.
● Keys stored in the ECU usually lack an update mechanism when exposed. Once exposed, OEMs
often have to replace the part with new keys, which is very costly.
● Vehicles within the same model line often share a common set of keys. Generating keys for each
vehicle, if not well managed, can cause issues during after-sales service (part
replacement/upgrade). Many OEMs use the same key set for development and production.
● Developers/technicians often require access to keys to diagnose ECU errors when there are
integration issues with the vehicle. Risk from 3rd party leaks!
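An added example, not part of the original slides: a defender-side audit for two of the issues listed above, a key shared by several vehicles and a key set used in both development and production. The record layout, the fingerprint scheme and all sample values are assumptions constructed for illustration; the audit works on fingerprints so that raw keys never need to leave the KMS.

```python
import hashlib
from collections import defaultdict
from typing import Iterable, NamedTuple


class KeyRecord(NamedTuple):
    """One row of a hypothetical KMS inventory export."""
    vin: str          # vehicle (or bench unit) the key was issued for
    ecu_id: str       # ECU that holds the key
    env: str          # "dev" or "prod"
    fingerprint: str  # fingerprint of the key, never the key itself


def fingerprint(key: bytes) -> str:
    """Short, domain-separated SHA-256 fingerprint of a key (assumed scheme)."""
    return hashlib.sha256(b"kms-audit-v1" + key).hexdigest()[:16]


def audit(records: Iterable[KeyRecord]) -> dict:
    """Report keys shared across production vehicles and dev/prod overlap."""
    vins_by_fp = defaultdict(set)   # production VINs per key fingerprint
    envs_by_fp = defaultdict(set)   # environments per key fingerprint
    for rec in records:
        envs_by_fp[rec.fingerprint].add(rec.env)
        if rec.env == "prod":
            vins_by_fp[rec.fingerprint].add(rec.vin)

    # A key present in more than one production vehicle: exposing it once
    # exposes every vehicle that carries it.
    shared = {fp: sorted(vins) for fp, vins in vins_by_fp.items()
              if len(vins) > 1}
    # A key issued for development that also protects a production ECU.
    overlap = sorted(fp for fp, envs in envs_by_fp.items()
                     if {"dev", "prod"} <= envs)
    return {"shared_across_vehicles": shared, "dev_prod_overlap": overlap}


# Constructed sample data: placeholder VINs and dummy 16-byte keys.
KEY_A = bytes([0xA1]) * 16   # reused on two production vehicles
KEY_B = bytes([0xB2]) * 16   # unique
KEY_C = bytes([0xC3]) * 16   # development key that reached production
KEY_D = bytes([0xD4]) * 16   # unique

SAMPLE_INVENTORY = [
    KeyRecord("TESTVIN0000000001", "ECU1", "prod", fingerprint(KEY_A)),
    KeyRecord("TESTVIN0000000002", "ECU1", "prod", fingerprint(KEY_A)),
    KeyRecord("TESTVIN0000000001", "ECU2", "prod", fingerprint(KEY_B)),
    KeyRecord("TESTVIN0000000002", "ECU2", "prod", fingerprint(KEY_D)),
    KeyRecord("BENCH-01", "ECU1", "dev", fingerprint(KEY_C)),
    KeyRecord("TESTVIN0000000003", "ECU1", "prod", fingerprint(KEY_C)),
]


if __name__ == "__main__":
    findings = audit(SAMPLE_INVENTORY)
    for fp, vins in findings["shared_across_vehicles"].items():
        print(f"key {fp} is shared by production vehicles: {', '.join(vins)}")
    for fp in findings["dev_prod_overlap"]:
        print(f"key {fp} is used in both development and production")
```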
12
USE CASE 01:
WORKAROUND
• Establish KMS services to securely store and safely provide keys to contractors.
• Use SHE (Secure Hardware Extension) to encrypt keys before performing updates via UDS
(Unified Diagnostic Service).
• Upgrade in-vehicle networks to use CAN FD or Ethernet (instead of CAN BUS) to employ
encrypted communication methods, preventing eavesdropping by malicious ECUs (ECUs
maliciously embedded in the vehicle to eavesdrop on CAN messages during key updates at
service workshops).
However, synchronously applying all these solutions is currently quite costly, complex, and unfeasible
due to the varying development capabilities of contractors. If applied separately, these measures will
not ensure the elimination of key exposure risks.
13
USE CASE 01:
FDO FOR KEY MANAGEMENT IN OEM
FDO FOR KMS
• VinCSS proposes using the FDO protocol with some
modifications to suit the operation within the vehicle
network. This solution also does not require upgrading
the vehicle network as the data is encrypted.
• FIDO Device Onboarding (FDO) is a protocol developed
by the FIDO Alliance that simplifies and secures the
onboarding process of IoT devices, providing a secure
method for transferring information during the initial
operation of IoT devices.
• If we consider ECUs, EoL Tools, and Diagnostic Tools as
edge devices, it is entirely possible to apply the FDO
protocol to onboard these devices with the necessary
keys when they are assembled in a complete vehicle
or when it is necessary to change/replace the keys in
the vehicle securely.
14
[Diagram, IN VEHICLE: TBOX, GW and three ECUx nodes, each with FIDO Assets and an FDO Protocol Implementation; links labelled Internet Protocol and CAN BUS; other components shown: KMS Services, FDO Rendezvous, FDO Owner, EOL Tools, Aftersale Tools.]
USE CASE 01:
FDO FOR KMS
15
[Sequence diagram between two ECUx nodes. Labels in extraction order: No credentials found; Assemble into vehicle and power up; Check credentials; Request Connect / Response; Setup secure communication / Response; Exchange security keys / Response; Verify the client.]
USE CASE 01:
KEY MANAGEMENT IN OEM
16
TRUST RELATIONSHIP OF A CHARGING STATION
AND TRUST CERTIFICATES MANAGEMENT
[Diagram: trust relationships around a Charging Station. Parties shown: Authorized Field Technician, Firmware Developer, EV, CPO Backend, PKI, Interoperable (PKI). Threats shown: Remote attackers, Local attackers, Counterfeited Charging Station, Malware. Some links are labelled DISTRUST.]
17
USE CASE 02:
FDO FOR SUPPLY CHAIN
● Complexity and Interconnectedness: The automotive
supply chain involves multiple stakeholders and
interconnected systems, creating numerous entry
points for cyber attackers.
● Legacy Systems and Software: Many automotive
systems are built on legacy technologies not designed
with cybersecurity in mind, making it challenging to
retrofit security measures.
● Lack of Standardization: The absence of industry-wide
standards complicates cybersecurity practices and
increases integration risks.
KEY CHALLENGES
18
USE CASE 02:
FDO FOR AUTOMOTIVE SUPPLY CHAIN
• Multi-Layered Security Approach
• Building a Culture of Cybersecurity
• Collaboration and Information Sharing
• Compliance and Regulatory
Frameworks: Adhere to frameworks like ISO/SAE
21434, UN Regulation No. 155, AUTOSAR, and ISO
26262 to build a strong cybersecurity foundation.
• Embracing Emerging Technologies: Use
machine learning, AI-powered solutions, and
FIDO/FDO to solve cybersecurity challenges.
BEST PRACTICES
19
USE CASE 02:
FDO FOR AUTOMOTIVE SUPPLY CHAIN
• FDO establishes a protected environment called ROE
(Restricted Operating Environment).
• The ROE is created on SoCs (System on Chip - e.g., from
Texas Instruments, STM) that support SecureBoot,
eFuse, and Flash Encryption or hardware devices
equipped with TPM (Trusted Platform Module).
• The purpose of ROE is to ensure the integrity of the
firmware (which contains FDO) as well as all the data
that the firmware processes. Additionally, this data is
strongly encrypted to prevent decryption and reverse
engineering of the firmware or installation of unofficial
firmware.
FIRMWARE SECURITY
Secure Firmware Automation Tool
20
[Diagram: secure firmware flow. Components: Factory, VinCSS Supply Chain Tools, VinCSS KeyStore, VinCSS FDO, VinCSS IoT Platform, Application, Car Infotainment, New device. Artefacts: Signed Firmware, Signed Bootloader, Bootloader Public Key Hash, Bootloader Private Key, FDO Manufacture Private Key, Key block, Data block. Action labels: Release a firmware for a device; find appropriate keys for device (false: Create new keys); Sign the firmware with the specific keys; sign firmware; burn firmware; Store and perform firmware versioning; Remote management; Push OTA notification; Firmware OTA; Update firmware.]
21
SENSORS SECURE ONBOARDING
[Diagram: speed sensor, light sensor and ultrasonic sensor; Car Infotainment; VinCSS FDO; VinCSS IoT Platform. Link labels: tunneling protocol, register / manage, device attestation.]
22
SMART CAR COMPONENT PROVISIONING
[Diagram: VinCSS FDO, VinCSS IoT Platform, VinCSS Key Store, Extension Modules, ePayment, Car Service log, Firmware OTA, Resell / Repurpose. Link labels: register; generate keys; provide new secured device credentials; update services; repurpose safely, reset and clean data.]
NEXT STAGES
1. Have a working FDO automotive use case in practice
for a vehicle model where we can access the
components as a Tier 1 level contractor and coordinate
completely with the OEM. VinCSS will coordinate as an
FDO vendor.
2. Work with a KMS vendor to add FDO support to their
product.
3. Learn from the vendor-dependence lesson and find a
workaround solution for automotive, as we did with
FDO for the Wi-Fi router.
4. Continue R&D for more FDO applications in the
automotive and IoT security domains.
23
VINCSS INTERNET SECURITY
SERVICES JSC
• 20Ath Floor, Vincom Center Dong Khoi 45A Ly
Tu Trong Street, Ben Nghe Ward, Dist. 1, HCMC,
Vietnam.
• Email: v.office@vincss.net
• Website: www.vincss.net
THANK YOU!
24

Ensuring Secure and Permission-Aware RAG Deployments
Ensuring Secure and Permission-Aware RAG DeploymentsEnsuring Secure and Permission-Aware RAG Deployments
Ensuring Secure and Permission-Aware RAG Deployments
Zilliz
 
Easy Compliance is Continuous Compliance
Easy Compliance is Continuous ComplianceEasy Compliance is Continuous Compliance
Easy Compliance is Continuous Compliance
Anchore
 
Flame Atomic Emission Spectroscopy.-pptx
Flame Atomic Emission Spectroscopy.-pptxFlame Atomic Emission Spectroscopy.-pptx
Flame Atomic Emission Spectroscopy.-pptx
VaishnaviChavan206944
 
AMD Zen 5 Architecture Deep Dive from Tech Day
AMD Zen 5 Architecture Deep Dive from Tech DayAMD Zen 5 Architecture Deep Dive from Tech Day
AMD Zen 5 Architecture Deep Dive from Tech Day
Low Hong Chuan
 
TribeQonf2024_Dimpy_ShiftingSecurityLeft
TribeQonf2024_Dimpy_ShiftingSecurityLeftTribeQonf2024_Dimpy_ShiftingSecurityLeft
TribeQonf2024_Dimpy_ShiftingSecurityLeft
Dimpy Adhikary
 
IVE 2024 Short Course Lecture 9 - Empathic Computing in VR
IVE 2024 Short Course Lecture 9 - Empathic Computing in VRIVE 2024 Short Course Lecture 9 - Empathic Computing in VR
IVE 2024 Short Course Lecture 9 - Empathic Computing in VR
Mark Billinghurst
 
Planetek Italia Corporate Profile Brochure
Planetek Italia Corporate Profile BrochurePlanetek Italia Corporate Profile Brochure
Planetek Italia Corporate Profile Brochure
Planetek Italia Srl
 
CI/CD pipelines for CloudHub 2.0 - Wroclaw MuleSoft Meetup #2
CI/CD pipelines for CloudHub 2.0 - Wroclaw MuleSoft Meetup #2CI/CD pipelines for CloudHub 2.0 - Wroclaw MuleSoft Meetup #2
CI/CD pipelines for CloudHub 2.0 - Wroclaw MuleSoft Meetup #2
wromeetup
 
Multimodal Embeddings (continued) - South Bay Meetup Slides
Multimodal Embeddings (continued) - South Bay Meetup SlidesMultimodal Embeddings (continued) - South Bay Meetup Slides
Multimodal Embeddings (continued) - South Bay Meetup Slides
Zilliz
 

Recently uploaded (20)

Bài tập tiếng anh lớp 9 - Ôn tập tuyển sinh
Bài tập tiếng anh lớp 9 - Ôn tập tuyển sinhBài tập tiếng anh lớp 9 - Ôn tập tuyển sinh
Bài tập tiếng anh lớp 9 - Ôn tập tuyển sinh
 
Top keywords searches on home and garden
Top keywords searches on home and gardenTop keywords searches on home and garden
Top keywords searches on home and garden
 
Getting Ready for Copilot for Microsoft 365 with Governance Features in Share...
Getting Ready for Copilot for Microsoft 365 with Governance Features in Share...Getting Ready for Copilot for Microsoft 365 with Governance Features in Share...
Getting Ready for Copilot for Microsoft 365 with Governance Features in Share...
 
Project Delivery Methodology on a page with activities, deliverables
Project Delivery Methodology on a page with activities, deliverablesProject Delivery Methodology on a page with activities, deliverables
Project Delivery Methodology on a page with activities, deliverables
 
Leading Bigcommerce Development Services for Online Retailers
Leading Bigcommerce Development Services for Online RetailersLeading Bigcommerce Development Services for Online Retailers
Leading Bigcommerce Development Services for Online Retailers
 
The learners analyze the various sectors of ICT and evaluate the potential ca...
The learners analyze the various sectors of ICT and evaluate the potential ca...The learners analyze the various sectors of ICT and evaluate the potential ca...
The learners analyze the various sectors of ICT and evaluate the potential ca...
 
BCC -401-aktu-Cyber-Security Unit-1.docx
BCC -401-aktu-Cyber-Security Unit-1.docxBCC -401-aktu-Cyber-Security Unit-1.docx
BCC -401-aktu-Cyber-Security Unit-1.docx
 
IVE 2024 Short Course - Lecture 8 - Electroencephalography (EEG) Basics
IVE 2024 Short Course - Lecture 8 - Electroencephalography (EEG) BasicsIVE 2024 Short Course - Lecture 8 - Electroencephalography (EEG) Basics
IVE 2024 Short Course - Lecture 8 - Electroencephalography (EEG) Basics
 
Getting Started with Azure AI Studio.pptx
Getting Started with Azure AI Studio.pptxGetting Started with Azure AI Studio.pptx
Getting Started with Azure AI Studio.pptx
 
STKI Israeli IT Market Study v2 August 2024.pdf
STKI Israeli IT Market Study v2 August 2024.pdfSTKI Israeli IT Market Study v2 August 2024.pdf
STKI Israeli IT Market Study v2 August 2024.pdf
 
How CXAI Toolkit uses RAG for Intelligent Q&A
How CXAI Toolkit uses RAG for Intelligent Q&AHow CXAI Toolkit uses RAG for Intelligent Q&A
How CXAI Toolkit uses RAG for Intelligent Q&A
 
Ensuring Secure and Permission-Aware RAG Deployments
Ensuring Secure and Permission-Aware RAG DeploymentsEnsuring Secure and Permission-Aware RAG Deployments
Ensuring Secure and Permission-Aware RAG Deployments
 
Easy Compliance is Continuous Compliance
Easy Compliance is Continuous ComplianceEasy Compliance is Continuous Compliance
Easy Compliance is Continuous Compliance
 
Flame Atomic Emission Spectroscopy.-pptx
Flame Atomic Emission Spectroscopy.-pptxFlame Atomic Emission Spectroscopy.-pptx
Flame Atomic Emission Spectroscopy.-pptx
 
AMD Zen 5 Architecture Deep Dive from Tech Day
AMD Zen 5 Architecture Deep Dive from Tech DayAMD Zen 5 Architecture Deep Dive from Tech Day
AMD Zen 5 Architecture Deep Dive from Tech Day
 
TribeQonf2024_Dimpy_ShiftingSecurityLeft
TribeQonf2024_Dimpy_ShiftingSecurityLeftTribeQonf2024_Dimpy_ShiftingSecurityLeft
TribeQonf2024_Dimpy_ShiftingSecurityLeft
 
IVE 2024 Short Course Lecture 9 - Empathic Computing in VR
IVE 2024 Short Course Lecture 9 - Empathic Computing in VRIVE 2024 Short Course Lecture 9 - Empathic Computing in VR
IVE 2024 Short Course Lecture 9 - Empathic Computing in VR
 
Planetek Italia Corporate Profile Brochure
Planetek Italia Corporate Profile BrochurePlanetek Italia Corporate Profile Brochure
Planetek Italia Corporate Profile Brochure
 
CI/CD pipelines for CloudHub 2.0 - Wroclaw MuleSoft Meetup #2
CI/CD pipelines for CloudHub 2.0 - Wroclaw MuleSoft Meetup #2CI/CD pipelines for CloudHub 2.0 - Wroclaw MuleSoft Meetup #2
CI/CD pipelines for CloudHub 2.0 - Wroclaw MuleSoft Meetup #2
 
Multimodal Embeddings (continued) - South Bay Meetup Slides
Multimodal Embeddings (continued) - South Bay Meetup SlidesMultimodal Embeddings (continued) - South Bay Meetup Slides
Multimodal Embeddings (continued) - South Bay Meetup Slides
 

FIDO Munich Seminar: Securing Smart Car.pptx

  • 1. SECURING SMART CAR ECOSYSTEM WITH FDO. Simon Trac Do – Founder & CEO, VinCSS JSC., Vietnam. FIDO Munich Workshop 2024
  • 2. WHO WE ARE? IoT Security; Automotive CyberSecurity; IT Security Services; VinCSS FIDO2 Ecosystem. Founded 2008. 100+ high-profile, globally recognized experts
  • 3. SMART CAR ECOSYSTEM. A modern vehicle can contain up to 150 ECUs and more than 100 million lines of software code, which is projected to rise to 300 million lines of code by 2030. A modern vehicle contains more software than Facebook without the backend code (62 million lines of code). A vehicle also has more than double the code of Microsoft Office 2013, over 6 times the code of the Android OS, and over 15 times the code of a Boeing 787. As more software is integrated into vehicles, the risk of bugs and vulnerabilities increases, which malicious attackers could exploit, potentially leading to severe consequences for safety, privacy, and vehicle operation.
  • 4. RISING AUTOMOTIVE RISKS. 339% growth in automotive cyber incidents since 2018. 145% growth in critical vulnerabilities of OEM, Tier 1 & 2 Suppliers between 2019-2022. 97% of attacks in 2022 were remote. Automotive hacks pose a great and immediate threat to the OEM, suppliers, and ultimately – the driver.
  • 5. Automotive cybersecurity incidents have risen by 605% since 2016. As vehicles become increasingly connected and reliant on software, new vulnerabilities emerge, ranging from unauthorized access to vehicle controls to personal data breaches. Over 470 million connected vehicles are expected by 2025, significantly raising cybersecurity risks in the automotive industry. The transportation industry was the ninth most targeted sector in 2022, accounting for 3.9% of attacks among the top ten industries. By 2024, the automotive industry could face losses of up to US$505 billion due to cyberattacks. Sources: • Help Net Security (2020) 'Automotive cybersecurity incidents doubled in 2019, up 605% since 2016', Help Net Security, 6 January. Available at: https://www.helpnetsecurity.com/2020/01/06/automotive-cybersecurity-incidents/ • OODA Loop (2020) 'Automotive cybersecurity incidents doubled in 2019, up 605% since 2016', OODA Loop, 6 January. Available at: https://www.oodaloop.com/briefs/2020/01/06/automotive-cybersecurity-incidents-doubled-in-2019-up-605-since-2016/ • IBM (2023) New IBM Security X-Force Threat Intelligence Index is here: Gain insights into the cyberthreat landscape. Available at: https://community.ibm.com/community/user/security/blogs/john-zorabedian1/2023/02/16/new-ibm-security-x-force-threat-intelligence-index
  • 6. AUTOMOTIVE CYBERSECURITY SERVICES. Since 2021, VinCSS has evolved to become a frontrunner in automotive cybersecurity, providing dedicated services for this rapidly growing industry. Our services are tailored to the automotive development lifecycle, ensuring comprehensive coverage from design to implementation and ongoing monitoring. Our commitment to excellence is evidenced by our achievement of the UN R155 and R156 certifications across multiple vehicle models and markets. [Figure: V-Model development process used in the automotive industry]
  • 7. VINCSS IS AT THE FOREFRONT OF DEPLOYING FDO GLOBALLY: FDO FOR CAMERAS (12/2022); FDO+MESH FOR CAR PARK SENSORS (9/2023); FDO FOR NETWORKING DEVICES (5/2024)
  • 8. FDO IN AUTOMOTIVE • After three years of parallel R&D in the FDO sector and providing services in the automotive cybersecurity sector, we have realized that FDO technology (including FIDO2) can be applied to smart vehicle ecosystems and help massively address the challenges and risks. • Below is our perspective on a few use cases where FDO can be applied in the automotive cybersecurity field.
  • 9. USE CASE 01: FDO FOR KEY MANAGEMENT IN OEM. THE PROBLEM ● ECUs are the heart of a smart car, and the security key is the method for controlling access/interference with the ECU. However, the way OEMs currently manage the keys throughout the vehicle's lifecycle is inadequate, leading to many vulnerabilities and significant risks. ● OEMs often use manual methods to manage keys during the R&D phase, but as soon as they move into production and aftersales, a Key Management System (KMS) is needed due to the exponential increase in the number of keys, which surpasses the capabilities of manual methods. ● However, even when using a KMS, the current key management at OEMs still does not meet practical needs.
  • 10. USE CASE 01: THE KMS [Diagram: flow of ECU keys and the vehicle key between OEM KMS Central, OEM KMS Factory and Tier 1 Factory A, for ECU 1 (key K1), ECU 2 (key K2) and the vehicle key K VIN xyz, with steps numbered 1 to 8. Step labels: ECUs sent to OEM factory for installation in vehicles; ECU keys and IDs sent to Tier 1 and loaded in ECUs; ECU keys and IDs generated by OEM KMS Central; ECU keys and IDs sent to OEM KMS Factory; Vehicle's key generated by OEM KMS Factory; Vehicle's key + VIN + ECU ID sent to OEM KMS Central; VIN and ECU IDs sent to OEM KMS Factory; Vehicle's key sent, encrypted w/ ECU 1's key ([K VIN xyz]K1) and encrypted w/ ECU 2's key ([K VIN xyz]K2)]
  • 11. USE CASE 01: REMAINING ISSUES ● Keys are provisioned to the ECU in an insecure manner and face many risks of exposure: OEMs transfer keys by sending them directly to contractors without any encryption mechanism. ● Keys stored in the ECU usually lack an update mechanism for when they are exposed. Once exposed, OEMs often have to replace the part with new keys, which is very costly. ● Vehicles within the same model line often share a common set of keys. Generating keys for each vehicle, if not well managed, can cause issues during aftersales service (part replacement/upgrade). Many OEMs use the same key set for development and production. ● Developers/technicians often require access to keys to diagnose ECU errors when there are integration issues with the vehicle. Risk from 3rd party leaks!
  • 12. USE CASE 01: WORKAROUND • Establish KMS services to securely store and safely provide keys to contractors. • Use SHE (Secure Hardware Extension) to encrypt keys before performing updates via UDS (Unified Diagnostic Service). • Upgrade in-vehicle networks to use CAN FD or Ethernet (instead of CAN BUS) to employ encrypted communication methods, preventing eavesdropping by malicious ECUs (ECUs maliciously embedded in the vehicle to eavesdrop on CAN messages during key updates at service workshops). However, applying all these solutions together is currently quite costly, complex, and unfeasible due to the varying development capabilities of contractors. If applied separately, these measures will not ensure the elimination of key exposure risks.
  • 13. USE CASE 01: FDO FOR KEY MANAGEMENT IN OEM. FDO FOR KMS • VinCSS proposes using the FDO protocol with some modifications to suit the operation within the vehicle network. This solution also does not require upgrading the vehicle network as the data is encrypted. • FIDO Device Onboarding (FDO) is a protocol developed by the FIDO Alliance that simplifies and secures the onboarding process of IoT devices, providing a secure method for transferring information during the initial operation of IoT devices. • If we consider ECUs, EoL Tools, and Diagnostic Tools as edge devices, it is entirely possible to apply the FDO protocol to onboard these devices with the necessary keys when they are assembled in a complete vehicle or when it is necessary to change/replace the keys in the vehicle securely.
  • 14. USE CASE 01: FDO FOR KMS [Diagram. Labels: IN VEHICLE; TBOX, GW and three ECUx, each with FIDO Assets and FDO Protocol Implementation; CAN BUS; Internet Protocol; KMS Services; FDO Rendezvous; FDO Owner; EOL Tools; Aftersale Tools]
  • 15. USE CASE 01: KEY MANAGEMENT IN OEM [Sequence diagram with two ECUx lifelines. Labels in order of appearance: No credentials found; Assemble into vehicle and power up; Check credentials; Request Connect; Request Connect; Response; Response; Setup secure communication; Response; Exchange security keys; Response; Verify the client]
  • 16. TRUST RELATIONSHIP OF A CHARGING STATION AND TRUST CERTIFICATES MANAGEMENT [Diagram. Labels: Charging Station; Authorized Field Technician; Remote attackers; Counterfeited Charging Station; Malware; Local attackers; Firmware Developer; EV; Interoperable (PKI); DISTRUST; CPO Backend; PKI]
  • 17. USE CASE 02: FDO FOR SUPPLY CHAIN. KEY CHALLENGES ● Complexity and Interconnectedness: The automotive supply chain involves multiple stakeholders and interconnected systems, creating numerous entry points for cyber attackers. ● Legacy Systems and Software: Many automotive systems are built on legacy technologies not designed with cybersecurity in mind, making it challenging to retrofit security measures. ● Lack of Standardization: The absence of industry-wide standards complicates cybersecurity practices and increases integration risks.
  • 18. USE CASE 02: FDO FOR AUTOMOTIVE SUPPLY CHAIN. BEST PRACTICES • Multi-Layered Security Approach • Building a Culture of Cybersecurity • Collaboration and Information Sharing • Compliance and Regulatory Frameworks: Adhere to frameworks like ISO/SAE 21434, UN Regulation No. 155, AUTOSAR, and ISO 26262 to build a strong cybersecurity foundation. • Embracing Emerging Technologies: Use machine learning, AI-powered solutions, and FIDO/FDO to solve cybersecurity challenges.
  • 19. USE CASE 02: FDO FOR AUTOMOTIVE SUPPLY CHAIN. FIRMWARE SECURITY • FDO establishes a protected environment called ROE (Restricted Operating Environment). • The ROE is created on SoCs (System on Chip - e.g., from Texas Instruments, STM) that support SecureBoot, eFuse, and Flash Encryption or hardware devices equipped with TPM (Trusted Platform Module). • The purpose of ROE is to ensure the integrity of the firmware (which contains FDO) as well as all the data that the firmware processes. Additionally, this data is strongly encrypted to prevent decryption and reverse engineering of the firmware or installation of unofficial firmware.
  • 20. Secure Firmware Automation Tool [Diagram. Labels: Factory; Firmware OTA; Remote management; Push OTA notification; VinCSS IoT Platform; Application; VinCSS FDO; Release a firmware for a device; Car Infotainment; Update firmware; Signed Firmware; Signed Bootloader; Bootloader Public Key Hash; Bootloader Private Key; FDO Manufacture Private Key; VinCSS Supply Chain Tools; New device; VinCSS KeyStore; Sign the firmware with the specific keys; Firmware; find appropriate keys for device; false; Create new keys; Key block; sign firmware; burn firmware; Data block; Store and perform firmware versioning]
  • 21. SENSORS SECURE ONBOARDING [Diagram. Labels: tunneling protocol; VinCSS IoT Platform; register / manage; VinCSS FDO; Car Infotainment; speed sensor; Light sensor; Ultrasonic sensor]
  • 22. SMART CAR COMPONENT PROVISIONING [Diagram. Labels: Car Infotainment; device attestation; VinCSS FDO; VinCSS IoT Platform; register; ePayment; Car Service log; Firmware OTA; provide new secured device credentials; VinCSS Key Store; generate keys; update services; Resell / Repurpose; repurpose safely; reset and clean data; Extension Modules]
  • 23. NEXT STAGES 1. Have a working FDO automotive use case in practice for a vehicle model where we can access the components as a Tier 1 level contractor and coordinate completely with the OEM. VinCSS will coordinate as an FDO vendor. 2. Work with a KMS vendor to add FDO support to their product. 3. Learn from the vendor-dependence lesson and find a workaround solution for automotive like we did with FDO for WIFI router. 4. Continue R&D for more FDO applications in the automotive and IoT security domains.
  • 24. THANK YOU! VINCSS INTERNET SECURITY SERVICES JSC • 20Ath Floor, Vincom Center Dong Khoi 45A Ly Tu Trong Street, Ben Nghe Ward, Dist. 1, HCMC, Vietnam. • Email: v.office@vincss.net • Website: www.vincss.net
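
The key-management issues listed on slide 11 (shared key sets across vehicles, the same keys in development and production, unencrypted transfer to contractors) can be checked against a KMS inventory export. The audit below is an added example, not VinCSS or FDO code; the record fields, finding names and sample inventory are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class KeyRecord:
    vin: str        # vehicle (or bench unit) the ECU belongs to
    ecu_id: str
    key_fp: str     # fingerprint of the ECU key, never the key itself
    env: str        # "dev" or "prod"
    transfer: str   # how the key reached the contractor: "wrapped" or "plaintext"


# Constructed sample inventory (hypothetical export format, not a real KMS schema).
RECORDS = [
    KeyRecord("VIN-A", "ECU1", "fp-11", "prod", "wrapped"),
    KeyRecord("VIN-A", "ECU2", "fp-22", "prod", "plaintext"),  # sent unencrypted
    KeyRecord("VIN-B", "ECU1", "fp-11", "prod", "wrapped"),    # same key as VIN-A
    KeyRecord("VIN-B", "ECU2", "fp-33", "prod", "wrapped"),
    KeyRecord("BENCH-1", "ECU2", "fp-33", "dev", "wrapped"),   # dev key also in prod
    KeyRecord("VIN-C", "ECU1", "fp-44", "prod", "wrapped"),
]


def audit(records):
    """Return findings as (kind, key_fp, detail) tuples."""
    by_fp = defaultdict(list)
    for rec in records:
        by_fp[rec.key_fp].append(rec)

    findings = []
    for fp, recs in sorted(by_fp.items()):
        prod_vins = sorted({r.vin for r in recs if r.env == "prod"})
        if len(prod_vins) > 1:
            # One leak compromises every vehicle that carries this key.
            findings.append(("SHARED_ACROSS_VEHICLES", fp, tuple(prod_vins)))
        if {r.env for r in recs} >= {"dev", "prod"}:
            # Anyone with bench access holds a production key.
            units = tuple(sorted({r.vin for r in recs}))
            findings.append(("DEV_KEY_IN_PRODUCTION", fp, units))
    for rec in records:
        if rec.transfer == "plaintext":
            findings.append(("PLAINTEXT_TRANSFER", rec.key_fp, (rec.vin, rec.ecu_id)))
    return findings


def exposure(records, leaked_fp):
    """Production ECUs that must be re-keyed if the key with this fingerprint leaks."""
    return sorted((r.vin, r.ecu_id) for r in records
                  if r.key_fp == leaked_fp and r.env == "prod")


if __name__ == "__main__":
    for finding in audit(RECORDS):
        print(finding)
    print("re-key if fp-11 leaks:", exposure(RECORDS, "fp-11"))
```

The `exposure` result is the blast radius of a single leaked key: with per-vehicle keys it is one ECU, with a shared key set it is every vehicle in the list.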